¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_04.05.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:44:59 05/17/2017 Updated 04/05/2017 | 17.10 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [jean- (Administrator)] - [DESKTOP-0MK4QLL] SID = S-1-5-21-2393403230-1296784631-2839305349-1001 Boot: Normal boot System : Windows 10 Home (32 bits) Core ProcessorNameString : Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz Identifier : x86 Family 6 Model 55 Stepping 8 CoreTemp : 42.4 Celsius - Max : -273.2 Celsius Memory RAM = Total (MB) : 2033 | Free (MB) : 795 Pagefile = Total (MB) : 4130 | Free (MB) : 2916 Virtual = Total (MB) : 2097 | Free (MB) : 1861 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives X:\-> [Network] | [] | Total : 30.02 Go | Free : 0.06 Go -> F:\-> [Removable] | [CUBUNTU] | Total : 7.2 Go | Free : 0.09 Go -> FAT32 [USB] E:\-> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 650.01 Go -> NTFS [USB] D:\-> [Removable] | [séjour pari] | Total : 117.02 Go | Free : 73.76 Go -> exFAT (SSD) [SD] C:\-> [Fixed] | [Windows] | Total : 28.62 Go | Free : 3.25 Go -> NTFS (SSD) [SD] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\defaultuser0 C:\Users\jean- Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [17.05.2017 @ 09_27_39]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.14393.953 (© Microsoft Corporation. Tous droits réservés.) 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 25.0.0.171 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : COMODO Firewall Disabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1736 | [Owner : |Parent : 948] - (.Code Sector - TeraCopy Service.) - (3.0.2.0) = C:\Program Files\TeraCopy\TeraCopyService.exe 1924 | [Owner : |Parent : 948] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4491) = C:\Windows\System32\igfxCUIService.exe 2020 | [Owner : |Parent : 948] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.953) = C:\Windows\System32\spoolsv.exe 2412 | [Owner : Système |Parent : 948] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.4.167.0) = C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe 2452 | [Owner : Système |Parent : 948] - (.Intel Corporation - Intel DPTF Critical Service.) - (7.0.0.1) = C:\Windows\System32\DptfPolicyCriticalService.exe 2476 | [Owner : |Parent : 948] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\MsMpEng.exe 2492 | [Owner : Système |Parent : 948] - (.COMODO - Internet Security Essentials.) - (1.1.20283.43) = C:\Program Files\Comodo\Internet Security Essentials\isesrv.exe 2564 | [Owner : Système |Parent : 948] - (.Solvusoft - SupersonicPC - Defrag Service.) - (1.0.648.12715) = C:\Program Files\SupersonicPC\SolvusoftWMDefragSrv.exe 2584 | [Owner : Système |Parent : 948] - (.IObit - Uninstall Programs.) - (6.1.0.6) = C:\Program Files\IObit\IObit Uninstaller\IUService.exe 2592 | [Owner : Système |Parent : 948] - (.Comodo - Comodo Dragon.) - (1.0.0.1) = C:\Program Files\Comodo\Dragon\dragon_updater.exe 2612 | [Owner : Système |Parent : 948] - (.Intel Corporation - Intel DPTF Processor Service.) 
- (7.0.0.1) = C:\Windows\System32\DptfParticipantProcessorService.exe 2632 | [Owner : Système |Parent : 948] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe 2648 | [Owner : Système |Parent : 948] - (.Intel Corporation - Intel DPTF LPM Service.) - (7.0.0.1) = C:\Windows\System32\DptfPolicyLpmService.exe 3632 | [Owner : Système |Parent : 1060] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe 932 | [Owner : |Parent : 948] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\NisSrv.exe 3548 | [Owner : jean- |Parent : 1328] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe 4036 | [Owner : jean- |Parent : 948] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe 2256 | [Owner : jean- |Parent : 1328] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe 4200 | [Owner : jean- |Parent : 1328] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe 4236 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe 4436 | [Owner : LogonSessionId_0_528997 |Parent : 948] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 4452 | [Owner : jean- |Parent : 4408] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.1198) = C:\Windows\explorer.exe 4920 | [Owner : jean- |Parent : 4744] - (.Intel Corporation - igfxEM Module.) 
- (6.15.10.4491) = C:\Windows\System32\igfxEM.exe 4956 | [Owner : jean- |Parent : 4744] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4491) = C:\Windows\System32\igfxHK.exe 5040 | [Owner : jean- |Parent : 4744] - (.Intel Corporation - igfxTray Module.) - (6.15.10.4491) = C:\Windows\System32\igfxTray.exe 5168 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 5292 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.1198) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 5620 | [Owner : SERVICE RÉSEAU |Parent : 5524] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.1198) = C:\Program Files\Windows Defender\MpCmdRun.exe 5840 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.14393.1198) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5244 | [Owner : jean- |Parent : 4452] - (.Intel Corporation - Intel DPTF LPM Service Helper.) - (7.0.0.1) = C:\Windows\System32\DptfPolicyLpmServiceHelper.exe 5556 | [Owner : jean- |Parent : 4452] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe 5552 | [Owner : jean- |Parent : 4452] - (.COMODO - Internet Security Essentials.) - (1.1.20283.43) = C:\Program Files\Comodo\Internet Security Essentials\vkise.exe 2180 | [Owner : jean- |Parent : 4452] - (. - .) - (0.0.0.0) = C:\Program Files\Unlocker\UnlockerAssistant.exe 552 | [Owner : jean- |Parent : 4452] - (. - .) - (0.0.0.0) = C:\Program Files\Anvsoft\Syncios\SynciosDeviceService.exe 2172 | [Owner : jean- |Parent : 4452] - (.Microsoft Corporation - Windows Defender notification icon.) 
- (4.10.14393.1198) = C:\Program Files\Windows Defender\MSASCuiL.exe 540 | [Owner : jean- |Parent : 4452] - (.Ashampoo Development GmbH & Co. KG - Ashampoo Live-Tuner Client.) - (8.1.0.0) = C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\LiveTuner2.exe 5932 | [Owner : jean- |Parent : 552] - (. - .) - (0.0.0.0) = C:\Program Files\Anvsoft\Syncios\androidnotifier.exe 5848 | [Owner : jean- |Parent : 4452] - (.ultracopier.first-world.info - Supercopier under GPL3.) - (1.2.3.6) = C:\Program Files\Supercopier\supercopier.exe 5812 | [Owner : jean- |Parent : 4452] - (. - .) - (0.0.0.0) = C:\SkinPack\RocketDock\RocketDock.exe 5728 | [Owner : jean- |Parent : 5912] - (. - .) - (0.0.0.0) = C:\Program Files\Anvsoft\Syncios\adb.exe 1856 | [Owner : jean- |Parent : 4200] - (.COMODO - COMODO Internet Security.) - (10.0.1.6223) = C:\Program Files\Comodo\COMODO Internet Security\cis.exe 2036 | [Owner : jean- |Parent : 4452] - (.Microsoft Corporation - Application Windows Wordpad.) - (10.0.14393.953) = C:\Program Files\Windows NT\Accessories\wordpad.exe 1612 | [Owner : Système |Parent : 948] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo WinOptimizer 15\LiveTunerService.exe 6168 | [Owner : jean- |Parent : 1060] - (. - .) - (11.15.597.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x86__kzf8qxf38zg5c\SkypeHost.exe 7552 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.1198) = C:\Windows\System32\SettingSyncHost.exe 6040 | [Owner : Système |Parent : 864] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.1066) = C:\Windows\System32\fontdrvhost.exe 7844 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe 8072 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Microsoft Edge.) 
- (11.0.14393.1198) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 8036 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - Browser_Broker.) - (11.0.14393.1198) = C:\Windows\System32\browser_broker.exe 2144 | [Owner : jean- |Parent : 4236] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.14393.953) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 6600 | [Owner : jean- |Parent : 1060] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.1198) = C:\Windows\System32\smartscreen.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of E:\autorun (1).inf : [autorun] open=Framakey.exe icon=Framakey.exe label=Framakey 2 shell=Framakey shell\FramaKey=FramaKey 2 shell\FramaKey\command=Framakey.exe ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2 Repaired : 
[HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : HKU\S-1-5-21-2393403230-1296784631-2839305349-1001\Software\undefined Deleted : HKLM\Software\adaware Deleted : HKLM\Software\jam software Moved to quarantine successfully : E:\Adaware_Installer.exe Moved to quarantine successfully : E:\FileVoyager_Setup_17.4.7.0_Full.exe Moved to quarantine successfully : E:\LikeNEWPCSetup.exe Moved to quarantine successfully : E:\RogueKillerCMDX64.exe Moved to quarantine successfully : F:\Remove_LiLi.bat ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Usbfix) E:\ : Vaccinated (Vaccin created by Pre_Scan) F:\ : Vaccinated (Vaccin created by Usbfix) X:\ : Impossible to vaccinate ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 2 | Restored : 2